Ask the Experts

For an enterprise application, assuming our development team does lots of little changes (in two- to three-week iterations), how frequently should we do a comprehensive security examination?
Continue Reading

As our developers incorporate more and more third-party software components and partner APIs that we don't have direct control over, how do we test for third-party application security?
Continue Reading

Negative, anonymous feedback puts both testers and project managers in a difficult situation. It's hard for testers to act on vague complaints and awkward for managers to provide the necessary clarification. This expert advice may offer a way out.
Continue Reading

Requirements management and the requirements process are sometimes used to mean the same thing, but customers should be aware that there are differences, and that tools often do not perform all of the tasks in the requirements process.
Continue Reading

To prevent feature creep, product requirements should satisfy the actual business requirements. Creep can occur when product requirements are detailed but business requirements are too general.
Continue Reading